Overview
overview
10Static
static
10241105-dtx...ed.zip
windows7-x64
1241105-dtx...ed.zip
windows10-2004-x64
1d91912b4b9...37.rar
windows7-x64
1d91912b4b9...37.rar
windows10-2004-x64
10di3x.exe
windows7-x64
100di3x.exe
windows10-2004-x64
10201106-9sx...ed.zip
windows7-x64
1201106-9sx...ed.zip
windows10-2004-x64
12019-09-02...10.exe
windows7-x64
102019-09-02...10.exe
windows10-2004-x64
102c01b00772...eb.exe
windows7-x64
102c01b00772...eb.exe
windows10-2004-x64
731.exe
windows7-x64
1031.exe
windows10-2004-x64
103DMark 11 ...on.exe
windows7-x64
33DMark 11 ...on.exe
windows10-2004-x64
342f9729255...61.exe
windows7-x64
1042f9729255...61.exe
windows10-2004-x64
105da0116af4...18.exe
windows7-x64
75da0116af4...18.exe
windows10-2004-x64
106306868794.bin.zip
windows7-x64
16306868794.bin.zip
windows10-2004-x64
1CVE-2018-1...oC.swf
windows7-x64
3CVE-2018-1...oC.swf
windows10-2004-x64
3DiskIntern...en.exe
windows7-x64
3DiskIntern...en.exe
windows10-2004-x64
3E2-2020111...59.zip
windows7-x64
1E2-2020111...59.zip
windows10-2004-x64
1ForceOp 2....ce.exe
windows7-x64
7ForceOp 2....ce.exe
windows10-2004-x64
7HYDRA.exe
windows7-x64
10HYDRA.exe
windows10-2004-x64
10Resubmissions
01/04/2025, 21:24
250401-z8184awycs 10Analysis
-
max time kernel
117s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
25/02/2025, 23:21
Static task
static1
Behavioral task
behavioral1
Sample
241105-dtxrgatbpg_pw_infected.zip
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
241105-dtxrgatbpg_pw_infected.zip
Resource
win10v2004-20250217-en
Behavioral task
behavioral3
Sample
d91912b4b945e88e881e54573390e6723cfc41916b6546453b59e60f9beee337.rar
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
d91912b4b945e88e881e54573390e6723cfc41916b6546453b59e60f9beee337.rar
Resource
win10v2004-20250217-en
Behavioral task
behavioral5
Sample
0di3x.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
0di3x.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral7
Sample
201106-9sxjh7tvxj_pw_infected.zip
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
201106-9sxjh7tvxj_pw_infected.zip
Resource
win10v2004-20250217-en
Behavioral task
behavioral9
Sample
2019-09-02_22-41-10.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
2019-09-02_22-41-10.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral11
Sample
2c01b007729230c415420ad641ad92eb.exe
Resource
win7-20241023-en
Behavioral task
behavioral12
Sample
2c01b007729230c415420ad641ad92eb.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral13
Sample
31.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
31.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral15
Sample
3DMark 11 Advanced Edition.exe
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
3DMark 11 Advanced Edition.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral17
Sample
42f972925508a82236e8533567487761.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
42f972925508a82236e8533567487761.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral19
Sample
5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe
Resource
win7-20240729-en
Behavioral task
behavioral20
Sample
5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral21
Sample
6306868794.bin.zip
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
6306868794.bin.zip
Resource
win10v2004-20250217-en
Behavioral task
behavioral23
Sample
CVE-2018-15982_PoC.swf
Resource
win7-20241023-en
Behavioral task
behavioral24
Sample
CVE-2018-15982_PoC.swf
Resource
win10v2004-20250217-en
Behavioral task
behavioral25
Sample
DiskInternals_Uneraser_v5_keygen.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
DiskInternals_Uneraser_v5_keygen.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral27
Sample
E2-20201118_141759.zip
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
E2-20201118_141759.zip
Resource
win10v2004-20250217-en
Behavioral task
behavioral29
Sample
ForceOp 2.8.7 - By RaiSence.exe
Resource
win7-20241010-en
Behavioral task
behavioral30
Sample
ForceOp 2.8.7 - By RaiSence.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral31
Sample
HYDRA.exe
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
HYDRA.exe
Resource
win10v2004-20250217-en
General
-
Target
CVE-2018-15982_PoC.swf
-
Size
12KB
-
MD5
82fe94beb621a4368e76aa4a51998c00
-
SHA1
b7c79b8f05c3d998e21d01b07b9ba157160581a9
-
SHA256
c61dd1b37cbf2d72e3670e3c8dff28959683e6d85b8507cda25efe1dffc04bdb
-
SHA512
055677c2194ff132dc3c50ef900a36a0e4b8e5b85d176047fdefdec049aff4d5e2db1ccffefaf65575b4ca41e81fd24beb3c7cfd2fce6275642638d0cf624d27
-
SSDEEP
192:gR6qPBBRRcrxFx/pHPn9moz7p/+tqHM41rftZDBLj9b5d/:gwqDcLx/pH/IoBiqH/BfbDBLj9b5h
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = a05ae042dc87db01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PhishingFilter iexplore.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{805D4A01-F3CF-11EF-BB72-627BF89B6001} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "446687671" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000_Classes\Local Settings rundll32.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2872 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 2872 iexplore.exe 2872 iexplore.exe 2228 IEXPLORE.EXE 2228 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 10 IoCs
description pid Process procid_target PID 2652 wrote to memory of 2516 2652 cmd.exe 31 PID 2652 wrote to memory of 2516 2652 cmd.exe 31 PID 2652 wrote to memory of 2516 2652 cmd.exe 31 PID 2516 wrote to memory of 2872 2516 rundll32.exe 33 PID 2516 wrote to memory of 2872 2516 rundll32.exe 33 PID 2516 wrote to memory of 2872 2516 rundll32.exe 33 PID 2872 wrote to memory of 2228 2872 iexplore.exe 34 PID 2872 wrote to memory of 2228 2872 iexplore.exe 34 PID 2872 wrote to memory of 2228 2872 iexplore.exe 34 PID 2872 wrote to memory of 2228 2872 iexplore.exe 34
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf1⤵
- Suspicious use of WriteProcessMemory
PID:2652 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2516 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CVE-2018-15982_PoC.swf3⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2228
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
71KB
MD583142242e97b8953c386f988aa694e4a
SHA1833ed12fc15b356136dcdd27c61a50f59c5c7d50
SHA256d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755
SHA512bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD50b8104eb7626f4c35d1d71cd66d903ce
SHA1bcff82ced70a1250519059a4962426b979193dfe
SHA256e81a183f3e15147bd00ec10930fd185d1d35b40653b18273dbc8d078944b9cbc
SHA512d802c8de53eae8d01f65313fb94b9e149e33e8f352a09bb54ab7e92d434028716828eac5bb59bb8303bbcee3b86066bdf8d771d58534959c6589706fedf44f2a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5703581ae087ef3e7fcd7a2be3fa4729c
SHA14d9ba9ca5caeb33237666126095e57623ef6a510
SHA2569f4009da1e367a5f1bfc50cdc57ea07df5027d563be6a6925284901b4a7bfd67
SHA512ae73724cf9b99474f1bcb161c1d44428f7c253111b3bd78b12846910bc60f382987b0f9f2ecd24c53f07d2a54163de906b858ce7c330c477ad9d34a1261fc886
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5fa427090351abc11cf55300e67e6e81e
SHA176b6259fb1eee29deb3c7604fdadeab661e9327b
SHA256cde8d725cadf584ee3626677f23f0bea9ac0e704b90fa02ed9f364ce6edafd33
SHA51275aac90f9141eabce4d53ab097c8e20410b0ce84b2bd8e4546517a6a85363041a63ab961c0ceeebdf802cdffa665fd98f36fd45ee6637b76a8474d1da1d00601
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5439ff27c6695dd5cb26ec5275d4db17b
SHA1ff9df9829536c349f3a271a2f0394f811b1171b9
SHA25691978ec00604addb403d614aab927b7bc31357f34db7e6e665222d5b7a603da7
SHA512aebc7cdec730264e096a92221142c862aad44f5ba1d0de021a5b1d44c0986b917b3b29c1f01c852ef4bd23c80fe410cd5595b79db6198933b4d76dd709e1accf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD560c8bc87d0c324b7690f165a107a4e57
SHA1ae07b8b52ff0c05a913902ce31317d511e21a71c
SHA256e25df41eab846c716c30ef4a40adc9257c0473d5c2e537747063bc3ee81fcb4b
SHA51261c18f9af2906a01c083a071e8258b6966da43d785797d9d40d2099374dae8919d84528840d163f8fa3f5ef2bc1e7c9fd1a395636b9cb3446ff6303de31b31a1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5981632c681c48430ffedcae33c655a0e
SHA15bcb7973a41ddf6993b52b98f6227b7ed24a186c
SHA256989df5fb5dfb463612ad146ea9d6b6066d6f5cc1df1f5a977a411243aff99331
SHA5122b22a1e7031ef68af67cbfda71b880e2eb12845c433b30de3cac61310b2a28eb3b334d034ab8db090759952ae05f80ba8bcc594307847242dfec64e1de780c2c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5ab1ac126ee3a5b8e37fb3c51ee539956
SHA149dcc006069c45a7479ce7c89acfd9bdd9bf37e2
SHA256cee4c26957125a8dc231ad5c0dde1a909a4562fadff09570f67c7853b278eea4
SHA51265a7cb82775a30df7ee17058d198f489dee38c6f2f031add26dc46447d817fb95fcaca6494eac1d3c38b4847278cc58b91c125b13a3e016ceab9b42a366a8772
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5eeeb6831f69180240d750466c443aaa3
SHA11eab04499cd457629d41ad9ccbcc16cb2d26d8ea
SHA2568c2a0f3543962f618487f9e1c6c06bc5fc5839a90eeb6dc6c96849a35ff3d328
SHA512a1dbfa0cd841db1fdd6bc3fbea237a8a0d560cb873a4684be0366bb161a649f5af5903c37d47844c00e0bb1a4a2b9dfa82b8dada7d5c63ebfc3d2bae76429ef8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b6326fde09334d838062618e0c46f43f
SHA1e884633419f0c000b50c3df951e28d4107063318
SHA256f8a170a6510af8de40d5e63f18c88decc80083494052612370cbde2da5faadd9
SHA5121384f5a4dce40fb163a070f3ca4a142989ea90fe9e2310bc52358cb47dc688898e7a61f23abac15c4ebf7b9c1a1dd45baff7cb02c6306c0f7185a0c2f0d60368
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
183KB
MD5109cab5505f5e065b63d01361467a83b
SHA14ed78955b9272a9ed689b51bf2bf4a86a25e53fc
SHA256ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673
SHA512753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc